Topics

Kubernetes 101 Workshop

Nov 23, 2016
by
Sasha Klizhentas

We are heavy users of Kubernetes (aka, k8s). It powers our Private SaaS deployments and we have found
it to be a very powerful tool. However, learning about Kubernetes can be a little
daunting so we have created this Kubernetes 101 workshop to help people get started
with Kubernetes.

In this workshop, you will learn:

How to install Kubernetes on your OSX or Linux machine using Minikube.
Minikube is a community-recommended method to run Kubernetes on a single laptop.

The basic concepts of Kubernetes, including Pods, Deployments, Replica Sets, Services
and ConfigMaps.

How to deploy a sample application into Kubernetes. We are going to be
deploying Mattermost, the open
source Slack alternative, for this workshop.

Installation

Requirements

You will need a machine with at least 7GB RAM and 8GB free disk space available, we’ll be
installing the following components on it:

By executing kubectl run ... command we launched several “Pods”. Pods are a basic building block
of Kubernetes-managed infrastructure. A Pod is a group of containers running on the same
machine and sharing the networking namespace. They are used to group related processes together
and can be compared to traditional VMs.

As you can see, this container has its own separate PID namespace - nginx process is actually PID 1.

$ ls -l /var/run/secrets/kubernetes.io/serviceaccount/

Kubernetes also mounted a special volume in our container serviceaccount with
the access credentials needed to talk to the k8s API process. Kubernetes uses the
technique of exposing information to containers via mounted volumes quite
often. For example, it can create volumes for container configuration or for
encrypted application secrets. We will explore this in more detail a bit later.

We don’t need to always run interactive sessions within container. For example, we can
execute commmand without attaching PTY:

Deployments and Replica Sets

We asked Kubernetes to create two Pods but that’s not all that happened.
Kubernetes also created a deployment with a replicaset consisting of two Pods:

$ kubectl get deployments
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
my-nginx 2 2 2 2 1h

$ kubectl get replicasets
NAME DESIRED CURRENT AGE
my-nginx-3800858182 2 2 1h

A Deployment is a special declarative state of
your Pods and Replica Sets. A Replica Set specifies the
number of Pod “replicas” running at any one time.
You simply declare the desired state of your Deployment and k8s converges the current state to it.

Every time you update the Deployment, it kicks off the update procedure using
whatever update strategy you’ve selected for it.

Let’s dig a little deeper into this deployment:

Here we see that it manages 2 replicas of our Pod and using the RollingUpdate strategy,
which updates one Pod at a time, rather than taking down the entire Service at the same time:

It works! Wait, so you need to hardcode this VIP in your configuration? What if it changes from environment to environment? Thankfully, k8s team thought about this as well, and we can simply
use the Service name:

$ curl http://my-nginx
<!DOCTYPE html>
...

K8s is integrated with the SkyDNS service
that watches the Services and Pods and sets up appropriate A records. Our sandbox local DNS server is simply configured to point to the DNS Service provided by k8s.

That’s very similar how k8s manages discovery in containers, as well. Let’s login into one of the nginx boxes and
discover /etc/resolv.conf there:

Notice that we’ve introduced a volumes section that tells k8s to attach volumes
to the Pods. One special volume type we support is configmap that
is created on the fly from the ConfigMap resource my-nginx-v1 that we’ve just created.

Another part of our config is volumemounts that are specified for each container and tell it where to mount the volume.

Connecting services

Let’s deploy a slightly more complicated stack. In this exercise we will deploy Mattermost - an alternative to Slack that you can self host. We will build our own containers and configuration and push it to the registry.
Mattermost is composed of a worker process that connects to a running PostgreSQL instance.

Build container

Let’s build a container image for our worker and push it to our local private registry:

Here’s where k8s power comes into play. We don’t need to provide hardcoded IPs, we can simply make sure that there’s a postres service pointing to our postgres database running somewhere in the cluster.

$ kubectl logs mattermost-database
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB

NOTE: Our mattermost-database is not replicated here. In a real production systems we must create a proper Replica Set for the stateful service, what is slightly more complicated than this example.

Creating mattermost service

Our last step is to create a mattermost Service:

$ kubectl create -f mattermost/worker-service.yaml
You have exposed your service on an external port on all nodes in your
cluster. If you want to expose this service to the external internet, you may
need to set up firewall rules for the service port(s) (tcp:32321) to serve traffic.
See http://releases.k8s.io/release-1.2/docs/user-guide/services-firewalls.md for more details.
service "mattermost" created

Hey, wait a second! What was that message about? Let’s inspect the Service spec we
put in the workshop directory:

Here we see that on my Vagrant every node in the system should have IP:32321 resolve to the mattermost web app.
On your Vagrant the port most likely will be different!

So on my computer I can now open mattermost app using one of the nodes IP:

Recap

We’ve learned several quite important concepts like Services, Pods, Replica Sets and
Configmaps. But that’s just a small part of what Kubernetes can do. You can find more information
on the Kubernetes website.